Editors

Get Updates via E-mail

Disclaimer

The content of this blog is intended for informational purposes only. It is not intended to solicit business or to provide legal advice. Laws differ by jurisdiction, and the information on this blog may not apply to every reader. You should not take, or refrain from taking, any legal action based upon the information contained on this blog without first seeking professional counsel. Your use of the blog does not create an attorney-client relationship between you and Arnold & Porter LLP. Click here to view additional disclaimer language.

Copyright 2008-2016 Arnold & Porter LLP

Children

February 03, 2014

Last week Nissan North America and advertising agency TBWA Worldwide signed consent agreements with the Federal Trade Commission, settling allegations that a Nissan Frontier truck advertisement, which aired in 2011, was deceptive. This is the latest in a series of actions the FTC has taken to curb deceptive automobile advertisements.

The ad in question showed a Nissan truck pushing a disabled dune-buggy up a sandy hill as onlookers cheer and shout. The FTC alleged that in reality the truck and buggy were both towed up the hill on cables and that the sand dune was manipulated to appear steeper than it actually was. These commercials, the FTC argued, misrepresented the abilities of the Nissan Frontier, which cannot actually push dune buggies up steep, sandy hills. The FTC complaint also noted that the ad was shot in a “realistic, ‘YouTube’ style, as if shot with a mobile phone video camera,” which seems to have contributed to the FTC’s belief that the advertisement deceptively portrayed the truck’s capabilities.

The FTC’s pursuit of these claims should remind advertisers that product demonstrations and depictions can constitute advertising claims about their products’ capabilities. While special effects are ubiquitous in advertising, advertisers must carefully walk the line between presenting attention-getting advertising and making inaccurate representations about their products. Disclaimers may help clarify for viewers the circumstances depicted in ads, but only if they are clear and conspicuous. The Nissan ad included the disclaimer “Fictionalization. Do not attempt.” but the FTC took the view that it was insufficient because it was in small text, displayed only for a short period of time, and disappeared before the truck was shown on screen.

The FTC doesn’t frequently bring complaints against ad agencies too, but it is not unprecedented. The FTC’s position is that an ad agency may be liable for deceptive advertising if it actively participated in the creation of the ad and knew or should have known the claim was deceptive (see discussion here). The FTC’s actions with regard to Nissan’s truck ad underscores the need for both advertisers and the ad agencies to pay close attention to the express and implied claims that the visuals in advertisements communicate to consumers.

January 22, 2014

We have previously written about the manner in which in-app content is marketed to children. Now, Apple Inc. has agreed to provide at least $32.5 million in refunds to consumers for in-app purchases made by minors accidentally or without parental consent.

The FTC’s complaint alleges that Apple’s procedures for in-app purchases are unfair because Apple often fails to obtain the parent’s informed consent for in-app charges. After an iTunes user enters the account password to buy an app or make an in-app purchase, additional purchases may be made for fifteen minutes without reentering the password. Apple does not expressly warn users about this fifteen-minute window, which enables children to make additional purchases unbeknownst to their parents. Some children managed to rack up hundreds or even thousands of dollars of in-app charges during these fifteen-minute windows.

The settlement agreement requires Apple to provide full refunds for unauthorized or accidental in-app purchases made by children. The settlement also requires Apple to change its billing practices to ensure it has obtained the account holder’s “express, informed consent” for all in-app purchases. If Apple wants to continue allowing users prospectively to authorize future in-app purchases, it must clearly disclose the scope of that authorization and allow the user to revoke that consent at any time.

This settlement demonstrates the FTC’s willingness to pursue what it considers unfair practices in the high-tech realm. As FTC Chairwoman Edith Ramirez stated:

[W]hether you’re doing business in the mobile arena or the mall down the street, fundamental consumer protections apply. You cannot charge consumers for purchases they did not authorize.

Digital content providers should take care to ensure that their disclosure practices are adequate.

This matter also illustrates the important role that consumer complaints can play in shaping enforcement priorities. The FTC’s complaint twice mentions that tens of thousands of customers had complained to Apple about unauthorized in-app purchases by children. Apple’s stated policy was that all in-app purchases were considered final, and Apple did not change its procedures or policy despite the continuing stream of customer complaints.

December 11, 2013

UPDATE 2 (1/16/2014): Off again, on again. After citing a procedural error and withdrawing its proposal to require reporting of arsenic, cadmium, formaldehyde, and mercury in children’s products in mid-December, Maine's Department of Environmental Protection (DEP) revived its rulemaking notices on Christmas eve. A hearing is now scheduled for January 14, 2014, and the comment deadline is now January 31, 2014.

UPDATE (12/16/2013): Maine says not so fast. On Wednesday, December 11, 2013, we reported that Maine’s Department of Environmental Protection (DEP) had proposed to require reporting of arsenic, cadmium, formaldehyde, and mercury in children’s products. On Friday, December 13, DEP withdrew its rulemaking notice, citing a “procedural error.” We will provide a further update if and when the rulemaking is revived.

_____________________________________________________________________

Companies that make or distribute children’s products containing arsenic, cadmium, formaldehyde, or mercury should take note: The Maine Department of Environmental Protection (DEP) is proposing to require companies to report the presence of those four chemicals in concentrations above de minimis levels. Assuming the proposed rules become final, arsenic, cadmium, formaldehyde and mercury would join two other chemicals--bisphenol-a and the chemical class nonylphenol and nonylphenol ethoxylates--as so-called “Priority Chemicals” under Maine’s Toxic Chemicals in Children’s Products law.

What are the de minimis levels?

If a Priority Chemical is intentionally added to the product, the proposed reporting rules would apply only if the chemical is present at concentrations above the “practical quantification limit” (or PQL), meaning the concentration that can be reliably measured by a laboratory under routine operating conditions. The PQL can vary from chemical to chemical, and product to product. Although the proposed rules do not explicitly say so, the law under which they were issued also requires reporting of a Priority Chemical that is a contaminant (i.e., not intentionally added) at levels above 100 parts per million.

What’s covered?

The rules would apply to manufacturers, importers, and distributors of the following children’s products intended for use by a child under 12 years of age: bedding, childcare articles, cosmetics, craft supplies, footwear, games, jewelry and embellishments, safety seats, occasion supplies (e.g., costumes and party favors), personal accessories, personal care products, school supplies, and toys.

What’s next?

The Maine DEP will hold a hearing on the proposed rules on December 17, 2013, and comments are due by January 10, 2014. If the proposed rules go into effect, reports from manufacturers will be due 180 days following the effective date. Maine would then be the second state to require public reporting for these substances. The four proposed rules are available for download here.

August 28, 2013

Thanks to a widening
variety of mobile applications targeted at babies and children, parents can increasingly
rely on their mobile devices to help entertain their little ones. Two
complaints filed with the Federal Trade Commission (FTC) on August 7, 2013,
however, request an investigation into claims that particular apps designed for
babies and children are educational. The claims were filed by
Boston-based advocacy group Campaign for a Commercial-Free Childhood (CCFC).

One complaint asks the FTC to investigate claims by Fisher-Price regarding the
educational benefits of its series of “Laugh & Learn Apptivity” apps,
offered for iPhone and iPod devices. According to the complaint,
Fisher-Price claims that these apps teach babies their first words, letters,
numbers, counting, shapes and colors. The apps are sold under the
“Education” category of Apple’s App Store. The complaint alleges that
these marketing statements are unsubstantiated and violate Section 5 of the
Federal Trade Commission Act. In a statement to the New York Times, the senior director of child research at Fisher-Price, Kathleen
Alfano, said that the company conducts extensive research “to create
appropriate toys for the ways children play, discover and grow” and that it had
“appropriately extended these well-researched play patterns into the digital
space.”

The other complaint asks the FTC to investigate similar claims by Slovakian company
Open Solutions about its mobile applications targeted toward babies. The
complaint regarding Open Solutions was withdrawn on August 14, 2013, following substantial changes to the company’s marketing of its mobile apps. Among other
things, Open Solutions removed statements from its marketing materials that its
apps would “entertain and educate your baby,” that they were “designed by
parents for young babies,” and that they would help babies “practice motor
skills, shapes, logic and precision.”
Open Solutions also removed the statement “we love to build the best
learning apps for your kids” and all statements that said that a particular app
was “for babies” of a certain age (for example, “0-6 years” or “1-7 years”).

The complaints allege a
lack of research by either the companies themselves or by third parties
supporting the companies’ claims that mobile apps for touch-screen devices have
any educational benefits to children. The CCFC argues in its complaints
that while no research “definitively shows the harms of educational apps on
very young children,” existing research indicates that screen time for very
young children may do more harm than good when it comes to early learning and
development. The CCFC points to the American Academy of Pediatrics’ recommendation
that children under two years of age should have no screen time at all. The complaints contend that the educational
claims about the mobile apps are likely to mislead reasonable parents. In
particular, with regard to Fisher-Price, the complaint alleges that the
educational claims in combination with “Fisher-Price’s reputation as a leader
in baby toys” imply that the claims about educational value are substantiated.

The FTC has previously
considered advertising claims about the educational value of certain toys and
products for children. For example, in
August of 2012, the FTC filed a complaint against Your Baby Can, LLC and its CEO over the “Your Baby Can Read!” program, which
the company claimed could teach children as young as nine months old how to
read through the use of flash cards, videos and pop-up books. The complaint also charged the product
creator with making deceptive product endorsements. These charges were eventually settled
with the FTC.

The FTC has recently
provided guidance to mobile app developers to help them comply with the FTC’s
policies on truthful advertising and privacy. In April of this year, the
FTC published a guide entitled Marketing Your Mobile App: Get It Right From
the Start, which we blogged about here, and accompanying video, discussed here. The guide and the video focus on the
need to make truthful statements, disclose key information, and ensure that
objective claims are supported by “competent and reliable evidence.” The
FTC’s 1984 Policy Statement Regarding Advertising Substantiation provides more
detail regarding the FTC’s requirement “that advertisers and ad agencies have a
reasonable basis for advertising claims before they are disseminated.”
Although it is not clear whether the FTC will pursue the complaint
against Fisher Price, these recent complaints are a reminder that advertisers
should take care to ensure that they have competent and reliable evidence to
support any objective claims made about their mobile apps.

May 06, 2013

The Federal Trade Commission (FTC) recently issued a
revised set of frequently asked questions (FAQs) explaining certain aspects
of the newly amended rule implementing the Children’s Online
Privacy Protection Act (COPPA) that are schedule to take effect on July 1,
2013. The new FAQs, Complying
With COPPA: Frequently Asked Questions, contain guidance for operators of
commercial and social networking web sites as well as other online service
providers (such as mobile apps) that are either directed to children under 13
or otherwise gather personal information from children under 13. Among other things, the FAQs explain how the
new Rule expands the scope of entities that must comply with COPPA, as well as
the scope of the “personal information” that may not be collected from children
under 13 without parental consent.

Some of the more notable questions answered by the FAQs are:

Will the new Rule
prevent children from lying about their age?

No. If an operator of
a general audience web site or online service screens its users for age, the
operator may rely on the ages provided, including an age that is inaccurate as
long as the web site or service operator does not have actual knowledge that a
child under 13 is the person providing such information. If an operator learns after-the-fact that a
specific user is actually a child under age 13, COPPA’s notice and consent
provisions apply.

Yes, the new Rule modifies the definition of ‘personal
information’ to include any ‘persistent identifier’ that allows recognition of the
user over time and across different web sites or online services, such as a
customer number in a cookie, an IP address, or a device serial number.

If I have an app
directed to children, where do I need to post my privacy policy?

The new Rule generally requires that a privacy policy be
posted on the home or landing screen of
an app, but the FTC encourages operators of child-directed apps also to post
the privacy policy at the point of
purchase. And if a child-directed
app is designed to collect personal information as soon as it is downloaded, it is necessary to provide direct parental
notice and obtain verifiable consent at the point of purchase.

If I have an online
service for teenagers, how does the new Rule affect me?

Even if a site or service is intended to be directed to
teenagers, if a significant number of children under 13 also visit the site or
use the service, it may be considered ‘directed to children’ under the
Rule. In most instances, a web site or
service ‘directed to children’ must treat all visitors as children under 13 and
provide COPPA’s protections to all users
of the site. Such sites and services
may not block children under age 13
from using the site/service.

If I want to offer a
child-directed app that would allow children to post pictures of their favorite
pets or places, how does the new Rule apply to me?

The new Rule considers photos, videos, and audio files that
contain a child’s image or voice to be “personal information,” as are any
persistent identifiers of a child.
Geolocation data allowing for the identification of a street and city or
town is also “personal information.”
Operators must therefore (i) pre-screen and delete any photos that
contain personal information, including geolocation data and persistent
identifiers; (ii) give parental notice and obtain consent before allowing
children to upload photos of themselves or other children, or (iii) ensure that
any persistent identifiers collected pursuant to the child’s upload are used
only to support internal operations of the app.

What should I do
about information I collected from children prior to the effective date of the
new Rule that is now considered ‘personal information’?

The answer depends on the type of “personal information”
collected by a site or online service operator:

Geolocation Information: if you collected geolocation information of a
child without parental consent, you must obtain that consent immediately.

Photo, Video, or Audio Files Containing a
Child’s Image or Voice: you do not need to obtain parental consent for
such files collected prior to the new Rule’s effective date, but must do so for
any collected as of July 1, 2013.

Screen Name or User Name: the new
Rule considers a screen name or user name to be personal information if it
“permits direct contact with a person online.” If you have (or will have)
collected such a screen name or user name prior to July 1, 2013, you must
obtain parental consent for that collection, and, as of that date, you must
also obtain such consent before using any
previously-collected screen name or user name by associating new personal
information.

Persistent Identifiers: Parental
consent is not required to use a persistent identifier collected prior to the
effective date, but if you collect or associate new information with such an
identifier as of July 1, 2013, you must obtain such consent.

The new COPPA FAQs cover a variety of other issues and merit
careful review by operators in consultation with their legal counsel. The new Rule’s provisions are complex and,
even as clarified by the revised FAQs, contain ambiguities, and given the FTC’s
aggressive posture with respect to COPPA enforcement, the FAQs and the Rule
itself demand substantial attention.

April 18, 2013

The Federal Trade Commission (FTC)
has released the results
of its most recent undercover shopper survey on ratings enforcement by
retailers in the entertainment industry.
The survey is part of the FTC’s ongoing study into the marketing of
violent entertainment to children, which was originally requested by President
Clinton on
June 1, 1999 in a letter to the Attorney General and the FTC Chairman.
This year, the FTC’s undercover shopper survey found that movie theaters
and retailers of video games, movie DVDs, and music CDs continue to demonstrate
steady improvement in restricting sales to underage shoppers, with video game
retailers remaining the strongest enforcers of age-based restrictions and movie
theaters demonstrating “marked improvement.”

To conduct its study, the
Commission arranged for unaccompanied 13-to 16-year-old “mystery shoppers” to
attempt to purchase tickets to R-rated movies, R-rated DVDs, unrated DVDs that
were R-rated when first released in theaters, music CDs bearing a Parental
Advisory Label (PAL) for explicit content, and M-rated video games from
theaters and major retailers across the country. These voluntary ratings are developed and
administered by self-regulatory bodies of the movie, music, and electronic game
industries, including the Motion Picture Association of America (MPAA), the
Recording Industry Association of America (RIAA), and the Entertainment
Software Rating Board (ESRB), respectively.

The study found that video game
retailers were the strongest enforcers of industry ratings, with only 13
percent of underage shoppers able to purchase M-rated video games, as was the
case in 2010. Movie theaters showed
significant improvement, with 24 percent of underage shoppers able to purchase
tickets to R-rated movies, down from 33 percent in 2010. Thirty percent of underage shoppers were able
to buy R-rated DVDs, versus 38 percent in 2010, and 30 percent were able to buy
unrated DVDs, versus 47 percent in 2010.
Finally, 47 percent of underage shoppers were able to purchase PAL-labeled
CDs, down from 64 percent in 2010 and 72 percent in 2009.

This is the Commission’s seventh
such survey since its initial report to Congress
in 2000 on the marketing of violent entertainment to children by the movie,
music, and electronic game industries.
In the 2000 report, the FTC recommended that the industries enhance
their self-regulatory programs by (1) prohibiting target marketing to children
and imposing sanctions for violations; (2) increasing compliance with rating systems
at the retail level; and (3) increasing parental understanding of the
ratings. Since then, the Commission has
monitored the industries’ progress and in 2009, then-Chairman Leibowitz commended
the strides made by the movie and game industries, which included theaters and
game retailers “significantly stepp[ing] up their enforcement of the
ratings.” The Commission this year noted
that “for first time since the FTC began its mystery shop program in 2000,
music CD retailers turned away more than half of the undercover shoppers.” Overall, it appears that the industries’
efforts to enhance their self-regulatory programs in connection with the FTC’s
recommendations have produced results, as the Commission found “continued
progress” in reducing sales to underage shoppers.

April 16, 2013

With
the recent release of an informational
graphic, an easy-to-read visual guide, the Federal Trade Commission (FTC)
just made it much easier for busy parents who need help navigating the
overwhelming array of mobile apps on the market that are aimed at
children. The graphic, which is part of
the FTC’s consumer
education initiative “directed to
parents to help navigate the mobile app marketplace and avoid apps that fail to
provide adequate disclosures about how children’s information will be used,”
depicts findings from the Federal Trade Commission’s recent report, “Mobile Apps
for Kids: Disclosures Still Not Making the Grade”, and provides parents and
other consumers with practical tips for safeguarding children’s privacy. As we previously blogged,
the FTC report, which was the second of its kind, found that there were serious
concerns with the privacy disclosures and practices of apps geared toward
children, and that there had been little progress with respect to these issues
since the first report was issued in February 2012. The informational graphic highlights what the
FTC sees as the disconnect between the practices of mobile apps and the
disclosures related to those practices.

Mobile apps may collect and share personal
information. The FTC’s second survey on
mobile apps marketed to children found that while 59% of the apps surveyed
collected and shared personal information, only 11% disclosed that fact.

Even free apps may permit children to make
in-app purchases. Fully 84% of
children’s apps that enable purchases within the app are free for the initial
download.

While 54% of the apps surveyed contained
advertisements within the app, only 9% disclosed the presence of ads.

Similarly, 22% of apps link to social media
sites such as Facebook and Twitter, but only 9% of the apps surveyed disclosed
this practice.

The FTC advises parents to review carefully the content of
the app, change phone or tablet settings to prevent children from downloading
inappropriate content or making inadvertent purchases, and spend time using the
app with children.

While the graphic does not provide any truly new
information, its release is noteworthy because it is one in a number of FTC
efforts over the past couple years regarding mobile app privacy and marketing
concerns (see our previous posts here,
here,
here,
here,
and here). With so much focus on the mobile apps
marketplace, it is an ideal time to remind app developers and
would-be-developers that, as the FTC warned in its December
2012 Report, the agency is launching non-public investigations to determine
if there have been any violations of the Children’s Online
Privacy Protection Act or Section 5 of the FTC Act
in the marketplace, and that companies that have failed to implement the
recommendations from the FTC’s February 2012 Report may find themselves facing
potential deceptive practices claims.
So, while the target audience of the new information graphic is
consumers, as the FTC recommends
“savvy app developers will want to take a look, too.”

January 07, 2013

As we begin 2013, we wanted to take a look back at our top
FTC developments from 2012. Like last
year, there are too many good ones to limit them to just the top 10.
1. Green Guides

While green claims have been an enforcement priority for the
FTC over the last few years, the FTC finally released its revised Green Guides,
which we summarized here,
here,
and here.

2. Protecting Kids

The FTC adopted
final amendments to the COPPA rule meant to keep the rule current with evolving
technology and the way children use the Internet, including mobile devices and
social networking websites. The FTC also
released
an updated report on mobile apps for kids, finding that there has been little
progress since the FTC first
looked at this issue in 2011 and strongly encouraging providers to improve
their practices… or else.

3. Mobile Apps and Disclosures

Sticking with the theme of mobile apps, the FTC also published
guidance for mobile app developers addressing marketing and privacy
issues. Earlier in the year, the
Commission held a workshop
on updating its 2000 Dot Com Disclosures guidance in light of changes in
technology and the way consumers use and access the Internet.

4. Privacy Report

The FTC released
its final report setting forth a privacy framework and best practices for
companies that collect and use consumer data.

5. Personnel Changes

Last year saw two new Commissioners -- Maureen Ohlhausen and Joshua
Wright -- and the departure of David
Vladeck, the Director of the Bureau of Consumer Protection. It remains to be seen whether Vladeck’s
departure will have any significant, long-term effect on the FTC’s consumer
protection enforcement actions and priorities.

6. Record Breaking

The FTC won
its largest ever litigated monetary judgment when the US District Court for
the Central District of California ordered a marketer of wealth creation
products to pay $478 million.

7. Reaching an Understanding

As required by the Dodd-Frank Act, the FTC and CFPB entered
into a Memorandum of Understanding on coordinating enforcement actions and
harmonizing rulemakings.

8. The Public Interest

Courts took a closer look at whether FTC settlements in
which the defendant denied liability or did not admit liability were in the
public interest. In twocases
that looked at this issue, the courts ultimately approved the settlement as
is. Commissioner Rosch led the charge in
questioning such settlements, and with his departure it will be interesting to
see if this issue persists.

9. It’s Never-ending

There will always be people who struggle with weight, and
the FTC will always be keeping an eye on companies that market weight loss
products. In 2012, the FTC reached
settlements with Skechers,
Medifast, and Ab
Circle Pro over weight loss and other health claims.

10. What
Else Was the FTC “Up To” in 2012?

Settling
with replacement window companies over claims that their windows could save
consumers “up to” an advertised amount on energy costs. These settlements, and subsequentFTC activity,
appeared to represent a departure from the FTC’s prior guidance on maximum
performance claims. Time will tell
whether the new standard is limited to the facts and circumstances of these cases,
or will apply more generally.

11. Bad
Spy

In the creepiest
development of 2012, the FTC settled with several rent-to-own companies
over claims that they used software on computers they rented to spy on
consumers, including capturing personal information and pictures of consumers’
homes.

12. Sleep
Tight

And in the ickiest
development, the FTC brought charges against two makers of bed bug and lice
treatments alleging that the companies lacked substantiation for their claims
and falsely claimed government recommendation and affiliation.

The FTC was indeed very busy in 2012, identifying and
addressing issues across industries and forms of advertising. We’re excited to see what’s in store for
2013. Stay tuned to the Consumer
Advertising Law Blog for all the riveting details!

December 21, 2012

This week, the Federal Trade Commission adopted final amendments to the Children’s Online Privacy Protection Rule, which is the rule implementing the Children’s Online Privacy Protection Act of 1998 (COPPA). The COPPA Rule generally requires parental consent before websites and online services can collect, use or disclose personal information from children under the age of 13. The amendments are intended to make sure that the COPPA Rule keeps up with evolving technology and the way children use the Internet, including the increased use of mobile devices and social networking websites.

Among other things, the amendments:

Update the list of personal information that cannot be collected without parental notice and consent to include geolocation information, photographs, videos and audio files that contain a child’s image or voice;

Closed a loophole that allowed websites subject to COPPA to permit third parties to collect personal information without parental notice and consent through the use of plug-ins or advertising networks that are integrated into the covered websites;

Streamline the process by which the FTC approves new methods of obtaining parental consent;

Require a third party to obtain parental consent if it has actual knowledge that it is collecting personal information through a child-directed website or online service;

Subject to certain exceptions, extend the COPPA Rule to cover persistent identifiers (e.g., IP addresses and mobile device IDs) that enable the identification of users over time and across websites and online services;

Require websites and online service providers subject to COPPA to take steps to release children’s personal information only to companies that can keep it confidential and secure;

December 18, 2012

In this age of technology, parents have more options than
ever before to enrich, distract, or even at times, bribe their children with
bright and colorful apps on their mobile devices. As of September 2012, there were over 700,000
apps available in both the Apple App store and Google Play store. The problem is that there remain some
significant privacy concerns associated with these apps. The Federal Trade Commission (FTC) has just
released a new staff
report that examines the privacy disclosures and practices of apps geared
toward children. The report focuses on
the results of a second FTC survey related to mobile apps for kids, and
concludes that not much has changed since the first survey
conducted in 2011, the results of which were documented in a staff report
released in February 2012, “Mobile Apps for Kids: Current Privacy Disclosures are
Disappointing”.

The FTC acknowledges that app makers probably have the best
of intentions when it comes to protecting the kids’ privacy. However, it appears there has been little
progress with regard to informing adults what data is being collected, how it’s
being shared, and who will have access to it.
The report also found that many apps include interactive features that
link to social media and provide information to ad networks or other third
parties without giving notice to the adults.

FTC staff examined hundreds of apps aimed at kids and looked
at disclosures and links on each page in the app store, on the app developer’s
site, and within the app itself. Going
further in this second survey, staff not only examined the apps disclosures,
they downloaded the apps themselves and tested them to see if the disclosures
were actually put into practice.
According to the report, “most apps failed to provide any information about the data
collected, let alone the type of data collected, the purpose of the collection,
and who would obtain access to the data.”
Only about 20% of the apps reviewed by FTC staff disclosed any
information about privacy practices.

The FTC report strongly encourages mobile app developers and
other related third parties to make better efforts to ensure that parents have
the information they need to make educated decisions about the apps before they
download them for their kids. In
particular, the report urges the industry to “expeditiously” take the steps
recommended in the February 2012 Report, including:

incorporating privacy protections into
the actual design of mobile apps for kids;

offering parents
easy-to-understand choices about data collection and sharing through kids’
apps; and

providing greater transparency about how data is collected, used,
and shared through these apps.

App developers should be aware that the FTC is launching
non-public investigations to determine if any of the companies in this mobile
app sphere are violating the Children’s Online Privacy Protection Act or the
FTC Act, and that a failure to “expeditiously” heed the recommendations in the
February 2012 Report could give rise to potential claims of deceptive practices
actionable under the FTC Act.

August 14, 2012

Last week, the FTC proposedadditional changes to its rules implementing the Children’s Online Privacy Protection Act (COPPA). These changes come in response to the more than 350 comments the FTC received after publishing a comprehensive set of proposed revisions in September 2011 (which we blogged about here). All of the new proposed changes concern specific definitions in the COPPA regulations, which are critical in determining the regulations’ scope of application.

The specific changes the FTC is now proposing would amend the definitions of “operator,” “personal information,” and “Web sites or online services directed to children” and would create a new definition of “support for internal operations of the Website or online service.”

Perhaps the most significant change is the proposed new definition of “Web site or other online service directed to children.” The current definition includes all sites “targeted to children,” with certain limitations. The 2011 proposed revisions would have amended this definition very slightly. Now, however, the FTC proposes a substantially revised definition that adds a knowledge component and otherwise narrows the circumstances in which the FTC will require a website operator or online service to treat all its visitors as if they were children under 13. The new definition has four parts, such that a “Web site or online service directed to children” includes any of the following:

A site/service that knowingly targets children under 13 as its primary audience,

A site/service that is likely to attract children under 13 as its primary audience, or

A site/service that is likely to attract “a disproportionately large percentage of children under age 13” unless such site/service screens all users for age and obtains parental consent before collecting personal informationfrom users who identify themselves as under 13.

A site/service that “knows or has reason to know that it is collecting personal information through any Web site or online service” described in any of parts (1) through (3) above.

As the FTC notes, this proposed new definition largely reflects the agency’s position to date, as applied in enforcement actions it has taken under the current regulations. The FTC has, in its enforcement guidances and elsewhere, encouraged websites and online services to use age-screening as a means to ensure that parental consent can be sought prior to collecting information from children under age 13. The proposed codification of age screening as a requirement for sites/services with mixed audiences clarifies the FTC’s policy and practice in this regard.

The inclusion of a site/service that “knows or has reason to know” that it is collecting personal information through a site or service directed to children would help cabin the responsibility of online services such as advertising networks or downloadable “plug-ins,” which often are not logistically capable of controlling or monitoring which sites incorporate their online services. In discussing this proposed change, the FTC clarified that the proposed new definition would not impose on an online service a duty to monitor or investigate whether it is incorporated into a child-directed site, but neither would it allow a service provider to ignore credible information that it is collecting information from children.

The other definitional changes the FTC is newly proposing are:

Revising the definition of “operator” so that both the provider of an information-collection service (such as a social networking plug-in or advertising network) and the website or online service in which such service is integrated are responsible under COPPA. Under the FTC’s current interpretation of the COPPA rules, the information collection service provider is solely responsible for its information collection activities. The FTC is proposing this change on the ground that the main website operator benefits from the information-collection activity and is in the best position to know if its site is directed to children, to control what plug-ins and advertising networks are integrated into its site, and to give notice to and obtain consent from parents.

Narrowing the definition of “personal information” so that it would include a screen name or user name only if that name is “online contact information” – i.e., an identifier that allows direct online contact with the user. The September 2011 proposal would have treated a screen or user name as “personal information” if it were used for anything other than a site’s internal technical operations. That prompted objections from certain commenters on the grounds that screen names are importantly used to permit certain site uses by children, such as transitioning between devices or platforms via a single screen or user name, without unnecessarily collecting personal information. In its new proposal, the FTC acknowledges the benefits of screen and user names in place of individually identifiable information for such uses.

Clarifying the definition of “persistent identifier” (which is now “personal information” under the rules) to make clear that it does not include identifiers used solely to support internal site operations and to define what qualifies as “support for internal operations.”

June 19, 2012

Facebook’s recent announcement that it is considering opening its social networking site to children under the age of 13 has triggered scrutiny from Members of Congress as well as causing concern among privacy advocates. In a letter to Facebook CEO Mark Zuckerberg, Congressmen Edward Markey (D-Mass.) and Joe Barton (R-Texas), co-chairs of the Bi-Partisan Congressional Privacy Caucus, questioned whether the company would have adequate procedures to ensure compliance with the Children’s Online Privacy Protection Act (COPPA), which requires companies to obtain “verifiable parental consent” before collecting personal information from children under 13. The letter specifically requests details about Facebook’s plans to comply with the law, and asks that Facebook provide that information and responses to a series of related questions by June 25, 2012.

Facebook reportedly has been developing technology to allow children under 13 to use its site with parental supervision, possibly by connecting children’s accounts to their parents’ and by giving parents control over their children’s friends and applications. That would appear to be consistent with COPPA, but the FTC is currently reworking its COPPA regulations and it is unclear that Facebook’s planned methodologies would comply with the revised regulations the FTC plans to issue later this year. In September, the FTC proposed changes to the COPPA rules that included expanding the definition of personal information to include IP addresses, photos and videos; broadening the definition of “collection” to include “prompting, or encouraging” children to submit personal information; and eliminating the “email plus” method of obtaining verifiable parental consent.

So Facebook needs to be forward-thinking as it proceeds with its apparent plan to allow children under 13 to use its site. Each step in its implementation of such a plan will likely be watched by policymakers and privacy advocates, as indicated by Congressmen Markey’s and Barton’s recent letter to Mr. Zuckerberg. Particularly because, as noted in that letter, Facebook only recently settled FTC claims that it had deceived users about its privacy protections, there will be continued skepticism and concern about how trustworthy Facebook’s privacy policies can be.

Facebook is certainly not the only target of concern about protection of children’s privacy in the context of social media sites, however. As Congresswoman Mary Bono Mack (R-Calif.), chairman of the House subcommittee on online privacy, recently admonished: “Very strict privacy protocols must be in place before younger children are allowed on social networking sites.” Indeed, just last November, the FTC entered into a consent decree with Skid-e-kids, a children’s social networking site, for alleged COPPA violations. And last May, the FTC reached a $3 million COPPA settlement with Playdom, an operator of online social games, which remains the largest civil penalty assessed for a COPPA violation.

Regulators have also been cracking down on mobile apps directed at children. Last week, the New Jersey Division of Consumer Affairs sued 24x7digital, a developer of educational mobile apps, for violating COPPA by collecting children’s names, pictures and device identity numbers and transmitting them to third parties without parental notification and consent. In August, the FTC reached a $50,000 COPPA settlement with mobile app developer w3 Innovations.

In addition to the FTC through its forthcoming revisions to the COPPA regulations, new restrictions are anticipated from Congress. Last May, Congressmen Markey and Barton introduced the “Do Not Track Kids Act of 2011,” H.R.1895, which would extend COPPA’s coverage to anyone under 18 and prohibit collecting minors’ personal data for targeted marketing. Facebook is therefore acting in a climate of evolving and uncertain regulatory action. It will need to be both proactive and prescient in considering the benefits and risks, and in taking steps to mitigate risks, of any methodologies it adopts with respect to use of its site by minors.

March 22, 2012

The FTC’s efforts to enforce consent judgments were set back again, this time by a federal district court ruling in the Southern District of Florida. The FTC again lost on the question of whether the advertiser possessed competent and reliable scientific evidence supporting its claims.

The court rejected what it apparently saw as an overly aggressive enforcement position regarding a 2006 consent judgment with Garden of Life, Inc. and its owner. That consent judgment prohibited disease claims unless such claims were substantiated by competent and reliable scientific evidence and prohibited the misrepresentation of any test or study. The FTC alleged that Garden of Life (i) falsely claimed that three products did not contain soy allergens; (ii) made unsubstantiated claims about the benefits of its Ocean Kids products; (iii) made unsubstantiated claims about the superiority of two products compared to competing products; and (iv) falsely claimed that the superiority claims were supported by human clinical studies.

In support of its no soy allergens claim, Garden of Life received an allergen statement from its supplier that the raw materials used did not contain soy, confirmation from one of the supplier’s executives that allergenic ingredients were not used, and a statement from the supplier that its fermentation process consumes or destroys any residual soy. Although the FTC’s testing found soy in the affected products, it did not provide any evidence that the soy came from the supplier’s products. Furthermore, the product at issue was voluntarily recalled prior to the FTC’s complaint, undercutting the FTC’s claims of harm. Based on these facts, the court held that the FTC failed to prove by clear and convincing evidence that Garden of Life lacked competent and reliable scientific evidence substantiating the no soy allergens claim.

Garden of Life made various claims about the ability of its Ocean Kids soft gels to boost or support mental and cognitive functions, mood and behavior, and eye development. The FTC’s expert opined that these claims were not substantiated by competent and reliable scientific evidence. Garden of Life’s expert opined that they were. With no detailed discussion of either expert’s opinion, the court refused to find that Garden of Life violated the consent judgment based on a disagreement between experts.

The court held that the prohibition on unsubstantiated claims concerning “absolute or comparative health benefits, efficacy, [or] performance” did not cover comparisons to competing products, but only claims about the product’s health benefits or health improvements compared to not using the product. Even if the order did cover comparisons to competing products, the court concluded that the FTC “took several statements out of context and manipulated them in an attempt to substantiate its allegation that [Garden of Life] made unsubstantiated comparisons of the Grow Bone System to other products.”

Finally, the court rejected the FTC’s allegation that Garden of Life misrepresented “‘the results and validity of clinical studies of AlgeaCal when marketing RAW Calcium and the Grow Bone System.’” The court concluded that under the consent judgment Garden of Life was not required to conduct studies of RAW Calcium and the Grow Bone System. Furthermore, in a strict reading of the consent judgment, the court stated that it did not require that the studies “be reliable or performed in a certain manner” -- instead, all the consent judgment requires is that the statements about the studies (e.g., that study participants consumed the ingredients in the Grow Bone System) be literally true, which they were. Perhaps influencing these conclusions, the court went on to note that Garden of Life’s expert had opined that the RAW Calcium and the Grow Bone System claims were supported by competent and reliable scientific evidence.

The Garden of Life decision is another example of a trend we havedocumentedhere over the past couple of years: a court disagreeing with the FTC about the quantity and quality of evidence required to satisfy the competent and reliable scientific evidence standard. These decisions have prompted the FTC to incorporate into consent orders more specific and stringent standards for what constitutes competent and reliable scientific evidence for certain claims, such as the requirements regarding two adequate and well-controlled human clinical studies and essentially equivalent products in the Iovate and Nestle cases. What remains to be seen is whether courts will construe the new substantiation provisions in the way that the FTC intends. Given recent history, that is hardly a sure thing.

February 22, 2012

Citing a lack of transparency about the data collection practices of mobile apps used by children, the FTC issued a report last week calling on industry to provide more meaningful disclosures to users prior to download.

The FTC surveyed 400 applications for kids in the Apple App Store and the Android Market to determine what information, if any, about the app’s data access, collection, and sharing practices was disclosed prior to download. According to the report, the results were disappointing: in most instances, the application did not inform users if the app collected data, let alone the type of data collected. “Providing clear and accessible information is especially important in the kids app space,” according to the report, because the data accessed and collected is likely from a mobile device used by a child, and as such, “could reveal information that a parent may not want shared with unknown third parties, such as a child’s precise geolocation or phone number.”

Indeed, the FTC’s survey revealed that mobile apps can automatically collect from a mobile device a broad range of user information in addition to geolocation and phone number, including the user’s list of contacts, call logs, unique device identifiers, and other stored information – and can share this information with a numerous recipients. Although these capabilities can be valuable in appropriate circumstances when consumers are aware of them, they pose serious risks to privacy when users – and parents of child users – cannot detect their full functionality. For example, an app can connect a user to other app users to play interactive games, which teens and younger children find compelling and entertaining, but in so doing, the app may collect detailed personal information in a manner parents cannot detect.

According to the report, more than half of the kids’ applications in the Android Market covered by the FTC’s survey had the ability to access and receive a wide variety of user content while the app was running, but did not adequately inform users of this fact. And while Apple claims to screen apps to safeguard children from inappropriate content and to reject any app that targets minors for data collection, according to the FTC, the details of this screening process are obscure.

To ensure that users are fully informed of the types of data that a kids’ mobile app collects and uses, the FTC report calls on all members of the apps ecosystem – the app stores, app developers, and third parties servicing the apps – to provide clear, concise and timely disclosure of the apps’ data access and collection practices prior to download. Some recommendations included developing standardized icons to alert users to certain functions or displaying disclosures on icons that can be easily viewed on the small screen of a mobile device.

Although the report does not focus on whether the apps covered by the FTC survey actually collected personal information from children, which may be a violation of the Children’s Online Privacy Protection Act (COPPA), the report indicates that that the FTC plans to conduct additional reviews to determine if enforcement action is warranted. Given that the FTC recently settled its first COPPA action against a mobile app developer, and is revisiting its COPPA Rules with an eye towards mobile apps, industry would be wise to heed this warning – particularly because children and teens, like many users, have a seemingly insatiable “app-etite” for mobile content.

January 03, 2012

From celebrity misappropriation suits to blockbuster class action rulings in the Supreme Court, 2011 was another exciting year in consumer advertising law. As we look forward to 2012, here’s a look at eleven of the top stories from the year that was. If you have your own nominees for 2011’s top eleven, send an email (randal.shaheen@aporter.com) and we’ll try to post our readers' list later this month.

11. Maybe It’s Maybelline … or Maybe It’s Airbrushed

Beauty enhancements should come from products, not post-production! So said the UK’s Advertising Standard Authority in 2011, when it banned advertisements [Aug. 2, 2011] depicting Julia Roberts and Christy Turlington on the basis that the images had been digitally altered.

10. 2011.xxx

Many a legitimate enterprise found itself registering a .xxx domain name in 2011, as a new top level domain was launched for adult content on the Internet. These companies blushingly took advantage of the Sunrise B[Oct. 11, 2011] time period during which non-adult-industry trademark owners could defensively register their marks, thereby eliminating them from the pool of available .xxx domains.

9. There’s No Such Thing as a Free Lunch

It seems like the battle against the bulge is never-ending and so is the FTC’s battle against companies advertising misleading weight loss remedies. In 2011 the FTC reached a $25 million settlement[Oct. 4, 2011] with Reebok over ads for toning shoes that promised “a better butt and better legs with every step.”

8. She Looks Like Kim Kardashian

It’s well known that misappropriation suits are de rigueur for any self-respecting celebrity du jour. See e.g., Paris Hilton’s 2009 suit against Hallmark (for use of the phrase “that’s hot”); Lindsay Lohan’s 2010 suit against E*Trade (for portraying a baby named Lindsay as a “milkaholic”). 2011 was no exception, as Kim Kardashian sued Old Navy[Aug. 4, 2011] for allegedly using a model resembling her in a TV advertisement.

7. Made in Havana, Puerto Rico

The rule that literally true statements can be challenged as impliedly false took a hit this year[Oct. 10, 2011] when the Third Circuit held that survey evidence showing that the name “Havana Rum” gave the impression the rum was made in Cuba could be excluded because the statement on the bottle that the rum was “made in Puerto Rico” was objectively verifiable.

6. The Meaning of “Natural”

The trickle of cases alleging deceptive use of the term “natural” on labeling or in advertisements became a torrent in 2011, with new suits[Oct. 3, 2011] against Conagra, Kellogg, and Skinny Girl, to name just a few.

5.Protecting Children in the US -- Standards for Food Advertising

We have been following FTC efforts to establish principles for marketing food to childrenfor some time. In 2011, these efforts culminated in initial recommendations[May 16, 2011] published by the Interagency Working Group on Food Marketed to Children.These recommendations met with heavy resistance in the form of an industry coalition, [Aug. 9, 2011] which is seeking legislative action on the basis that the proposed standards are overbroad and anti-business.

4. Protecting Children in the UK -- Standards for Decency

The UK advertising regulator, the Advertising Standards Authority, was also active in protecting children in 2011, finding ad campaignsdirected at children[Oct. 24, 2011] or portraying children (here and here) [Aug. 18 and Dec. 19, 2011] to violate UK standards for responsible advertising.

3.COPPA

The FTC proposed changes[Sept. 23, 2011] to rules implementing the Children’s Online Privacy Protection Act (COPPA), which provides parents control over what personal information web sites may collect from children under 13 years old. These proposals are significant, particularly because FTC enforcement has made COPPA compliance a serious consideration[Nov. 23, 2011] for all web site operators.

2. Concepcion

In AT&T Mobility LLC v. Concepcion[May 4, 2011], the Supreme Court held that arbitration provisions prohibiting class-wide arbitrations can be enforced, and that the California Supreme Court’s decision in Discover Bank finding such provisions unenforceable is preempted by the Federal Arbitration Act. The full ramifications of Concepcion have yet to play out, but at least one court has found that such clauses can still be unconscionable. [Nov. 14, 2011]

1. Wal-Mart v. Dukes

The top spot on our list goes to the Supreme Court’s watershed decision[June 28, 2011] on class certification, the first of its kind in many years. Wal-Mart embraces a rigorous analysis of the elements of class certification, and substantially raises the bar for showing that the commonality element of Rule 23 has been met. Commentators were quick to predict that Wal-Mart would shape class action law for years to come, and early indications[Aug. 24, 2011] suggest that might be an understatement. [Nov. 15, 2011]

December 19, 2011

The UK’s advertising regulator, the Advertising Standards Authority (ASA) has banned an advert from haute couture label Miu Miu which showed a child model in a “hazardous or dangerous situation”. The advert, which featured in Tatler Magazine, showed a 14-year old model wearing 1940s-inspired adult clothing and sitting on railway tracks. A complainant said that the model looked like she was or had been crying and challenged whether it was irresponsible as they believed it was suggestive of youth suicide and could be seen by impressionable young people. The ASA also challenged whether the advert was irresponsible for showing a child in an unsafe location. In response, Prada Retail UK Ltd (Prada), which is behind the Miu Miu brand, said that the advert was part of a serious, high-fashion campaign aimed at adult women and was only published in adult magazines such as Tatler. It said that the model was not crying, nor had she been asked to cry or to look upset. The advert was not created to give an impression of youth suicide, nor was it made with the intention of depicting a child in an unsafe location. The photograph had been taken on an abandoned railway, the model was not restrained in any way and it was clear from the extended viewpoint that there was no train in sight.

The ASA dismissed the complaint about youth suicide, holding that the model was not shown looking in distress or crying and that the advert would be seen by a predominantly adult readership. However it upheld the second complaint. The ASA concluded that, although the model was not restrained on the track or seen playing on it, and there was no train in sight, the advert was shot in a potentially hazardous location and was therefore “irresponsible”.

We are used to seeing the ASA taking a firm stance on adverts which sexualise children (e.g., see here how American Apparel learnt from its mistakes), or promote unhealthy behavior (e.g., see here our summary on the banned Kate Moss t-shirt slogan), however this decision takes the ASA’s protection of children significantly further. Advertisers should therefore be mindful of depicting children in situations which may suggest even the potential for danger or hazard.

November 23, 2011

Skid-e-kids, a social networking site which advertises itself as the “Facebook and Myspace for kids,” recently entered into a consent decree with the Federal Trade Commission (FTC) regarding alleged violations of the Children’s Online Privacy Protection Act (COPPA). This latest social networking should send a strong warning to all website operators regarding the potential pitfalls of collecting site visitors’ information without strict screening. In addition, because COPPA applies not just to website operators, but also to operators of mobile applications, many applications operators should be on notice of the implications of the Skid-e-kids Consent Decree.

COPPA requires that website operators notify parents and obtain their consent before collecting personal information from children under age 13. This is required not only for ostensibly “children’s sites”, but also for any websitewhose operators have actual knowledge the site is collecting information from children under age 13. A website operator may have actual knowledge of a user’s age, for example, if it asks for, and receives, information from which age can be determined, such as by asking “What grade are you in?”

Skid-e-kids allegedly violated COPPA by allowing children to register on its site without first obtaining parental permission. Such collection allegedly occurred despite the statement in the site’s privacy policy that it was mandatory for “child users to provide a parent’s valid email address in order to register on the website.” In practice, there apparently was no such requirement, as Skid-e-kids allegedly obtained information from approximately 5,600 children without parental consent.

Pursuant to the Consent Decree, Skid-e-kids must (i) delete all of the personal information it obtained from children without parental consent, (ii) provide a link to online privacy educational material and (iii) retain a privacy professional to oversee compliance for a period of time. Further, the Consent Decree imposes a $100,000 civil penalty on Skid-e-kids – although payment of all but $1,000 of that penalty will be suspended provided Skid-e-kids complies with the Consent Order’s oversight provisions and its operator provided truthful financial information.

The FTC is currently accepting comments on proposed changes to theCOPPA rule. Among the potential changes are expanding the definition of “personal information;” allowing children to participate in some interactive communities without parental consent so long as certain conditions apply; developing new parental consent mechanisms; and strengthening the oversight of the “safe-harbor programs.” Written comments on the proposed revisions are due to the FTC by November 28, 2011.

September 23, 2011

Last week, the FTC announced release of a significant proposal for changes to rules implementing the Children’s Online Privacy Protection Act (COPPA). COPPA, passed in 2000, provides parents control over what personal information websites may collect from children under 13 years old, largely through rules issued by the FTC. These rules spell out what web site operators must include in privacy policies, when and how to seek verifiable consent from parents, and what operators have to do to protect children’s privacy and safety online.

The Proposal follows the FTC’s review of the existing rules over the past decade, including formal consideration of changes in 2005 that resulted in a decision to retain the rules intact. Since then, FTC staff have received a number of requests in related proceedings urging it to revisit the rules. After opening up the issue again last year, the Commission received 70 comments, and heard more during a public roundtable. In issuing the Proposal last week, staff now intend to act “on an accelerated schedule,” pointing to, among other things, the “explosion in children’s use of mobile devices, [and] proliferation of online social networking and interactive gaming” which suggest new vulnerability of children to the collection of their personal information without parental consent. Reflecting concerns about this increased vulnerability, new rules would impose restrictions on the use of geo-location information or behaviorally targeting children with advertising, as well as many changes briefly summarized below.

The T-shirts, promoted in Zazzle Inc’s website, bore a slogan made (in)famous by supermodel Kate Moss, “Nothing tastes as good as skinny feels!”, shown in both the product image and in the labelling. Complaints were made to the ASA that advertising such t-shirts for children was irresponsible. Zazzle responded saying that its website was an open marketplace platform allowing users to sell products of their own design; while it did not pre-screen content, the website had tools allowing users to report products they found offensive. The ASA noted that Zazzle had already removed the ad, but found that, at the time it appeared, it featured children and promoted a product for children to wear that implied that being underweight was desirable. The ad could encourage children to turn to unhealthy diets or develop negative body images, and was therefore in breach of rules on social responsibility and protection of children.

It’s worth a reminder that while in the United States this type of case would not be considered “deceptive,” Section 5 also prohibits “unfair” advertising practices and the FTC has used that authority to occasionally target marketing practices that it believes are injurious and against public policy. One of the more recent examples involved a beer commercial that depicted, in the FTC’s words, “boating passengers as drinking Beck's beer while engaged in activities that require a high degree of alertness and coordination to avoid falling overboard.”

The ASA clearly takes advertising aimed at children, or of products for children, very seriously. With the ASA’s remit expanded since 1 March 2011 to include online promotions, websites offering marketplace-type services may well find that some level of screening may be necessary to ensure ads for items being marketed by users do not breach advertising rules.

August 16, 2011

Mobile Apps are big business. As of early July, Apple estimated that more than 15 billion apps have been downloaded for its popular iPhone and related products. Our blog even has an app and has contributed, in a modest way, to that total.

While many apps don’t require you to provide personal information, some do. And yesterday, in case there was any doubt the FTC made it clear that it views apps as sending and receiving information over the internet and thus are online services subject to its Children’s Online Privacy Protection Act (COPPA). The FTC entered into a settlement with a developer of several apps designed for children, including Emily’s Girl World and Emily’s Runway High Fashion, that were listed in the Games-Kids section of the App Store. The apps allowed children to email “Emily” comments and submit blogs and post information on message boards. As a result, the FTC alleged that the developer collected personal information, such as email addresses and other personal information posted on message boards, from children under the age of 13 without parental notice and consent. The developer agreed to pay a $50,000 penalty and to delete all personal information it collected in violation of COPPA.

COPPA enforcement continues to be a “hot” item for the FTC and clearly anyone marketing an app for children should take a look at their information collection practices and perhaps avail themselves of the safe harbor certification process offered by organizations such as the National Advertising Division’s Children’s Advertising Review Unit (CARU). In addition, even if an app is not “directed” toward children, a company marketing an app for adults can also violate COPPA if it knowingly collects personal information from a child under the age of 13 without parental notice and consent. It’s also worth noting that the definition of “personal information” is quite broad and can include the use of a “persistent identifier, such as a customer number held in a cookie that is associated with individually identifiable information. Still not sure what to do? A search of the App Store this morning yielded no hits for COPPA compliance but just wait. Maybe there’ll soon be an App for that .